Official website of the Department of Homeland Security

Enterprise Level Security Metrics and Usability

Defining effective information security metrics has proven difficult, even though there is general agreement that such metrics could allow measurement of progress in security measures and, at a minimum, rough comparisons of security between systems. Metrics underlie and quantify progress in many other system security areas. As the saying goes, “You cannot manage what you cannot measure”. The lack of sound and practical security metrics is severely hampering progress both in research and engineering of secure systems. However, general community agreement on meaningful metrics has been hard to achieve. This is due in part to the rapid evolution of IT, as well as the shifting focus of adversarial action.

Enterprise-level security metrics address the security posture of an organization. Experts, such as system administrators, and non-technical users alike must be able to use an organization’s system while still maintaining security.

This project will develop security metrics and the supporting tools and techniques to make them practical and useful as decision aids. This will allow the user to measure security while achieving usability and make informed decisions based on threat and cost to the organization.

Technical Topic Area 2 – Enterprise-Level Security Metrics

Prime: George Mason University | Sub: Applied Visions; ProInfo

Month Year | Document Title | Download
October 2012 | Metrics Suite for Enterprise-Level Attack Graph Analysis | PDF (1 MB)

Prime: University of Illinois at Urbana-Champaign | Sub: None

Month Year | Document Title | Download
October 2012 | A Tool for Compliance and Depth of Defense Metrics | PDF (1 MB)

Technical Topic Area 3 – Usable Security

Prime: IBM Research | Sub: None

Month Year | Document Title | Download
October 2012 | Usable Multi-Factor Authentication and Risk-Based Authorization | PDF (2.1 MB)

Prime: Indiana University | Sub: USC Information Sciences Institute

Month Year | Document Title | Download
October 2012 | CUTS: Coordinating User and Technical Security | PDF (1 MB)

Prime: University of Houston | Sub: None

Month Year | Document Title | Download
October 2012 | Continuous and Active Authentication for Mobile Devices Using Multiple Sensors | PDF (1 MB)
